armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
beb93b17f27dee8a85db7bf0d882b59cdff4b2a0
linux/net/netfilter
History
Jozsef Kadlecsik 9e8b32b0a0 netfilter: Mark SYN/ACK packets as invalid from original direction 
commit 64f509ce71 upstream.

Clients should not send such packets. By accepting them, we open
up a hole by wich ephemeral ports can be discovered in an off-path
attack.

See: "Reflection scan: an Off-Path Attack on TCP" by Jan Wrobel,
http://arxiv.org/abs/1201.2074

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-26 11:34:54 -08:00
..
ipset
netfilter: ipset: Use the stored first cidr value instead of '1'
2011-06-06 01:35:29 +02:00
ipvs
ipvs: fix oops in ip_vs_dst_event on rmmod
2012-10-21 09:17:11 -07:00
core.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-19 19:17:35 -08:00
Kconfig
netfilter: xt_addrtype: replace rt6_lookup with nf_afinfo->route
2011-04-04 17:01:43 +02:00
Makefile
netfilter: ipt_addrtype: rename to xt_addrtype
2011-03-15 20:16:20 +01:00
nf_conntrack_acct.c
netfilter: complete the deprecation of CONFIG_NF_CT_ACCT
2010-06-25 14:46:56 +02:00
nf_conntrack_amanda.c
netfilter: cleanup printk messages
2010-05-13 15:02:08 +02:00
nf_conntrack_broadcast.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_core.c
netfilter: nf_conntrack: fix racy timer handling with reliable events
2012-10-21 09:17:11 -07:00
nf_conntrack_ecache.c
netfilter: ecache: always set events bits, filter them later
2011-02-01 16:06:30 +01:00
nf_conntrack_expect.c
netfilter: nf_ct_expect: fix possible access to uninitialized timer
2012-10-21 09:17:11 -07:00
nf_conntrack_extend.c
net,rcu: convert call_rcu(__nf_ct_ext_free_rcu) to kfree_rcu()
2011-05-07 22:51:07 -07:00
nf_conntrack_ftp.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_h323_asn1.c
netfilter: h323: bug in parsing of ASN1 SEQOF field
2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: nf_conntrack: use is_vmalloc_addr()
2011-01-14 15:45:56 +01:00
nf_conntrack_irc.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c
netfilter: ctnetlink: fix timestamp support for new conntracks
2011-05-10 09:48:06 +02:00
nf_conntrack_pptp.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_proto_dccp.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
nf_conntrack_proto_tcp.c
netfilter: Mark SYN/ACK packets as invalid from original direction
2012-11-26 11:34:54 -08:00
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_proto.c
netfilter: rcu sparse cleanups
2010-11-15 19:45:13 +01:00
nf_conntrack_sane.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_sip.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
nf_conntrack_snmp.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c
netfilter: nf_conntrack_standalone: Fix set-but-unused variables.
2011-04-17 17:03:33 -07:00
nf_conntrack_tftp.c
netfilter: cleanup printk messages
2010-05-13 15:02:08 +02:00
nf_conntrack_timestamp.c
netfilter: nf_conntrack_tstamp: add flow-based timestamp extension
2011-01-19 16:00:07 +01:00
nf_internals.h
netfilter: cleanup printk messages
2010-05-13 15:02:08 +02:00
nf_log.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-03-03 21:27:42 -08:00
nf_queue.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
nf_sockopt.c
nf_tproxy_core.c
netfilter: tproxy: do not assign timewait sockets to skb->sk
2011-02-17 11:32:38 +01:00
nfnetlink_log.c
netfilter: fix looped (broad|multi)cast's MAC handling
2011-06-16 17:27:04 +02:00
nfnetlink_queue.c
netfilter: fix looped (broad|multi)cast's MAC handling
2011-06-16 17:27:04 +02:00
nfnetlink.c
netfilter: cleanup printk messages
2010-05-13 15:02:08 +02:00
x_tables.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6
2011-05-11 14:26:58 -04:00
xt_addrtype.c
netfilter: xt_addrtype: replace rt6_lookup with nf_afinfo->route
2011-04-04 17:01:43 +02:00
xt_AUDIT.c
netfilter ebtables: fix xt_AUDIT to work with ebtables
2011-03-16 18:32:13 +01:00
xt_CHECKSUM.c
netfilter: add CHECKSUM target
2010-07-15 17:20:46 +02:00
xt_CLASSIFY.c
netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table
2010-11-15 13:57:56 +01:00
xt_cluster.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_comment.c
xt_connbytes.c
netfilter: xt_connbytes: Force CT accounting to be enabled
2010-06-25 14:44:07 +02:00
xt_connlimit.c
netfilter: xt_connlimit: remove connlimit_rnd_inited
2011-03-15 13:26:32 +01:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
netfilter: revert a2361c8735
2011-05-10 12:13:36 +02:00
xt_cpu.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_CT.c
secmark: make secmark object handling generic
2010-10-21 10:12:48 +11:00
xt_dccp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_devgroup.c
netfilter: xtables: add device group match
2011-02-03 00:05:43 +01:00
xt_dscp.c
xt_DSCP.c
netfilter: IPv6: fix DSCP mangle code
2011-05-10 10:00:21 +02:00
xt_esp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_hashlimit.c
netfilter: limit, hashlimit: avoid duplicated inline
2012-10-21 09:17:11 -07:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_IDLETIMER.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_iprange.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-04 14:28:58 -08:00
xt_ipvs.c
IPVS: netns, use ip_vs_proto_data as param.
2011-01-13 10:30:27 +09:00
xt_LED.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_length.c
xt_limit.c
netfilter: xt_limit: have r->cost != 0 case work
2012-10-21 09:17:11 -07:00
xt_mac.c
xt_mark.c
xt_multiport.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_NFLOG.c
xt_NFQUEUE.c
netfilter: allow NFQUEUE bypass if no listener is available
2011-01-18 16:08:30 +01:00
xt_NOTRACK.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_osf.c
net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu()
2011-05-07 22:51:12 -07:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_quota: report initial quota value instead of current value to userspace
2010-07-23 14:07:47 +02:00
xt_rateest.c
xt_RATEEST.c
pkt_sched: gen_kill_estimator() rcu fixes
2010-06-11 18:37:08 -07:00
xt_realm.c
xt_recent.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
xt_repldata.h
xt_sctp.c
netfilter: xt_sctp: use WORD_ROUND macro to calculate length of multiple of 4 bytes
2010-06-09 14:47:40 +02:00
xt_SECMARK.c
secmark: make secmark object handling generic
2010-10-21 10:12:48 +11:00
xt_set.c
netfilter: ipset: set match and SET target fixes
2011-04-13 13:45:57 +02:00
xt_socket.c
netfilter: add more values to enum ip_conntrack_info
2011-06-06 01:35:10 +02:00
xt_state.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_statistic.c
netfilter: xt_statistic: remove nth_lock spinlock
2010-06-01 12:00:41 +02:00
xt_string.c
xt_tcpmss.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TCPMSS.c
netfilter: af_info: add 'strict' parameter to limit lookup to .oif
2011-04-04 17:00:54 +02:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TEE.c
ipv6: Convert to use flowi6 where applicable.
2011-03-12 15:08:54 -08:00
xt_time.c
netfilter: remove unnecessary returns from void function()s
2010-05-13 15:16:27 +02:00
xt_TPROXY.c
netfilter: tproxy: do not assign timewait sockets to skb->sk
2011-02-17 11:32:38 +01:00
xt_TRACE.c
xt_u32.c